Red Hat Enterprise Linux 4 Important Kernel Update: RHSA-2011-0263-01

Red Hat
February 16, 2011

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.
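An added check for the install step above, written for this page and not taken from the advisory or from Red Hat: a POSIX shell script that compares a running kernel's version-release against the fixed 2.6.9-100.EL from the package list and wraps the rpm -ivh order the advisory prescribes. The function names and the rpm -K signature check are my additions, not the advisory's.

```shell
#!/bin/sh
# Added example, not part of the advisory: check whether a RHEL 4 host still
# runs a kernel older than the one shipped by RHSA-2011:0263-01, and wrap the
# install order the advisory prescribes (rpm -ivh, verify, then rpm -e).

# Version-release of the fixed kernel, from the advisory's package list.
FIXED_KERNEL="2.6.9-100.EL"

# Print the dotted release field of a RHEL 4 kernel string, e.g.
# "2.6.9-89.0.25.ELsmp" -> "89.0.25". Prints nothing for other kernels.
release_of() {
    printf '%s\n' "$1" | sed -n 's/^2\.6\.9-\([0-9][0-9.]*\)\.EL.*$/\1/p'
}

# True (exit 0) when release $1 is lower than release $2, comparing the
# dot-separated fields numerically from the left; a missing field counts as 0.
release_lt() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Exit 0 if the kernel string in $1 predates the fix, 1 if it is already at or
# past 2.6.9-100.EL, 2 if it is not a RHEL 4 kernel (advisory does not apply).
needs_update() {
    r=$(release_of "$1")
    [ -n "$r" ] || return 2
    release_lt "$r" "$(release_of "$FIXED_KERNEL")"
}

# Install order from the advisory, for one package file (the -smp, -hugemem and
# -devel variants in the package list are handled the same way): -i installs
# the new kernel beside the running one; -U would remove the running kernel.
# The old kernel is removed only after a reboot into the new one succeeds.
install_fixed_kernel() {
    pkg="$1"                        # e.g. kernel-2.6.9-100.EL.x86_64.rpm
    rpm -K "$pkg" || return 1       # refuse a package whose signature fails
    rpm -ivh "$pkg" || return 1
    echo "Reboot, confirm with 'uname -r', then: rpm -e kernel-<old version>"
}

# Stand-alone run: report whether this host needs the update.
if needs_update "$(uname -r)"; then
    echo "Running kernel $(uname -r) predates $FIXED_KERNEL: apply RHSA-2011:0263-01"
fi
```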

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues:
* A buffer overflow flaw was found in the load_mixer_volumes() function in the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC systems, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2010-4527, Important)
* A missing boundary check was found in the dvb_ca_ioctl() function in the Linux kernel's av7110 module. On systems that use old DVB cards that require the av7110 module, a local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges. (CVE-2011-0521, Important)
* A missing initialization flaw was found in the ethtool_get_regs() function in the Linux kernel's ethtool IOCTL handler. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause an information leak. (CVE-2010-4655, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and Kees Cook for reporting CVE-2010-4655.
These updated kernel packages also fix hundreds of bugs and add numerous enhancements. For details on individual bug fixes and enhancements included in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes, linked to in the References section.
Users should upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2010-4527
https://access.redhat.com/security/cve/CVE-2010-4655
https://access.redhat.com/security/cve/CVE-2011-0521
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/search/

Package List

Red Hat Enterprise Linux AS version 4:
Source:
i386:
  kernel-2.6.9-100.EL.i686.rpm
  kernel-debuginfo-2.6.9-100.EL.i686.rpm
  kernel-devel-2.6.9-100.EL.i686.rpm
  kernel-hugemem-2.6.9-100.EL.i686.rpm
  kernel-hugemem-devel-2.6.9-100.EL.i686.rpm
  kernel-smp-2.6.9-100.EL.i686.rpm
  kernel-smp-devel-2.6.9-100.EL.i686.rpm
  kernel-xenU-2.6.9-100.EL.i686.rpm
  kernel-xenU-devel-2.6.9-100.EL.i686.rpm
ia64:
  kernel-2.6.9-100.EL.ia64.rpm
  kernel-debuginfo-2.6.9-100.EL.ia64.rpm
  kernel-devel-2.6.9-100.EL.ia64.rpm
  kernel-largesmp-2.6.9-100.EL.ia64.rpm
  kernel-largesmp-devel-2.6.9-100.EL.ia64.rpm
noarch:
  kernel-doc-2.6.9-100.EL.noarch.rpm
ppc:
  kernel-2.6.9-100.EL.ppc64.rpm
  kernel-2.6.9-100.EL.ppc64iseries.rpm
  kernel-debuginfo-2.6.9-100.EL.ppc64.rpm
  kernel-debuginfo-2.6.9-100.EL.ppc64iseries.rpm
  kernel-devel-2.6.9-100.EL.ppc64.rpm
  kernel-devel-2.6.9-100.EL.ppc64iseries.rpm
  kernel-largesmp-2.6.9-100.EL.ppc64.rpm
  kernel-largesmp-devel-2.6.9-100.EL.ppc64.rpm
s390:
  kernel-2.6.9-100.EL.s390.rpm
  kernel-debuginfo-2.6.9-100.EL.s390.rpm
  kernel-devel-2.6.9-100.EL.s390.rpm
s390x:
  kernel-2.6.9-100.EL.s390x.rpm
  kernel-debuginfo-2.6.9-100.EL.s390x.rpm
  kernel-devel-2.6.9-100.EL.s390x.rpm
x86_64:
  kernel-2.6.9-100.EL.x86_64.rpm
  kernel-debuginfo-2.6.9-100.EL.x86_64.rpm
  kernel-devel-2.6.9-100.EL.x86_64.rpm

Severity: Important

Advisory ID: RHSA-2011:0263-01
Product: Red Hat Enterprise Linux
Issue date: 2011-02-16

Topic

Updated kernel packages that fix three security issues, hundreds of bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the ninth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, noarch, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, noarch, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, noarch, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, noarch, x86_64

Bugs Fixed

176848 - NLM: Fix Oops in nlmclnt_mark_reclaim()

189918 - kernel: serious ugliness in iget() uses by nfsd [rhel-4.9]

217829 - Powernow driver does not work properly with different voltage CPUs

247116 - RFE: Add debug to bonding driver as module option

396631 - Increase timeout for device connection on boot

427998 - RHEL4: Can enter no tick idle mode with RCU pending leading to hang

445957 - Change "decode_getfattr: xdr error %d!" to dprintk

456047 - Kernel Panic at end_bio_bh_io_sync+44

456649 - xenbus suspend_mutex remains locked after transaction failure

457519 - groups_search() cannot handle large gid correctly

459466 - kernel: binfmt_misc.c: avoid potential kernel stack overflow [rhel-4.8]

459499 - proc_loginuid_write() uses simple_strtoul() on non-terminated array

461038 - el4u5 pv guest user coredump crashing system

462717 - IPVS wrr scheduler bug

472752 - BUG() in end_buffer_async_write()

476700 - Loss of USB HID devices when switching with a KVM

479090 - Panic in do_cciss_intr removeQ

479264 - [RHEL4] lost siginfo when a signal queue is full

480404 - kernel BUG at fs/mpage.c:417!

480937 - RHEL-4: Deadlock in Xen netfront driver.

481292 - [RHEL4.7] Original ether's status is keeping PROMISC MULTICAST mode

481371 - PG_error bit is never cleared, even when a fresh I/O to the page succeeds

483783 - kernel hid-input.c divide error crash

484415 - CCISS device-mapper-multipath support: missing sysfs attributes
